Highly critical Drupal code security alert

Drupal Notice

The Drupal team have published a highly critical update to the Drupal core which they say plugs a vulnerability that “potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised.” The vulnerability is within multiple subsystems of Drupal 7.x and 8.x and is severe …

WordPress 4.9.2 security release & YITH Wishlist vulnerability

wordpress

On January 16th WordPress released a security update to patch a vulnerability in the latest version of WordPress. According to the release notes (the update fixes a number of bugs too), “an XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that is included with WordPress. Because the Flash files are no …

WordPress patches 4 new security issues

wordpress

All versions of WordPress 3.7 onwards have been patched to fix four new security vulnerabilities. As reported in the security and maintenance release notes for v4.9.1, the following fixes have been implemented in the latest security release: Use a properly generated hash for the newbloguser key instead of a determinate substring. Add escaping to the …

Vulnerability found in popular WordPress SEO plugin Yoast

wordpress

This week, the WordPress security plugin Wordfence reported on security vulnerabilities in three WordPress plugins, including one in the very popular SEO plugin, Yoast SEO. If you use Yoast SEO on your WordPress site and haven’t upgraded to version 5.8.0, you are advised to do so immediately. If you’re running Wordfence then you’re already protected, but …

WordPress 4.8.3 security release

wordpress

WordPress, the popular web platform, has today released a security update to some of its files to prevent an SQL injection vulnerability. According to the WordPress release post, all prior versions of WordPress “are affected by an issue [which] can create unexpected and unsafe queries leading to potential SQL injection (SQLi).” The WordPress core doesn’t appear to …

Joomla! 3.8 patches 2 security issues

Online Security

Last week Joomla! released a new version, 3.8. The new version is an update to the Joomla! 3 series. Whilst it is primarily a feature release with 300 improvements and two major features, it also patches two security issues: Core – Information Disclosure in LDAP Authentication Plugin (affecting Joomla 1.5.0 – 3.7.5); Core – Information …

Security update to WordPress (4.8.2)

wordpress

Yesterday, WordPress issued an update to its core. This is a security release, so you’re strongly advised to update immediately if you’re running WordPress. According to the release notes for v4.8, it fixes 9 security vulnerabilities in version 4.8.1 and earlier. Check that you’re running on the latest version by logging into your WordPress dashboard – …

Drupal Security Release (8.3.7)

Drupal Notice

Web hosting platform, Drupal, have issued a maintenance release of their software that includes a number of security fixes. Users are urged to upgrade to the latest version, 8.3.7, as soon as possible. The release patches a number of security vulnerabilities: Views – Access Bypass – Moderately Critical – Drupal 8 – CVE-2017-6923 REST API can …
